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SYSTEM AND METHOD FOR LICENSING CONTENT 
Field of the Invention 

The present invention relates generally to systems and methods for controlling 



and monitoring use of computer programs 



specifically to systems and methods for en bedded licensing information in the 
computer programs and other digital content and for controlling access thereto in a 
distributed computer environment. 



of 



graphic 



various 



Background 

The Internet, and particularly the World 
the Internet, has become a popular vehicle 
arbitrary kinds, including formatted text, 
programmed content. Associated with 
formats, or languages for its representatior 
as files or communicated over a network, 
known, currently popular representations 
images, and JAVA for programs. Additioi^al 
being developed. The CURL language, developed 
Technology {Curl: A Gentle Slope 
Seed, C. Terman, S. Ward, MIT Laboratoify 
Journal, Volume 1 1 . II, Issue 2, Spring 
different types of content within a single language 



Language fc 



1997) 
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SUBSTITUTE SHEET (RULE 26) 



and other digital content, and more 



the Invention 

Wide Web ("web" or "WWW") within 
for widespread access to content of nearly 
ics, audio, video, and interactive 
types of content are conventions, 
as strings of bits or characters when stored 
Although many content representations are 
include HTML for formatted text, JPEG for 
content representations are continually 
at the Massachusetts Institute of 
'or the Web, M. Hostetter, D. Kranz, C. 
for Computer Science World Wide Web 
, is designed to represent a variety of 
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content 



Typically, content must 
processing requires software or 
the content, represented in some 
medium (i.e., CD-ROM or hare 
5 "executes," "interprets," or " 

noted that executing, operating 
and used interchangeably herein 
Generally, an appropriate 
of content being processed. 
10 the content, or from the conteijt 

customarily denotes that the 
may include displaying the 
Analogously, content transmitted 
audio content to be played for 
1 5 processing may be performed, 

notation system so that it may 
On the web, the acts of 
by a client application called a 
Netscape Communicator, avai 
20 and Netscape Communication^ 

These browsers include the ca 
including HTML text, JPEG 



-2- 

be processed before it is presented to a user. Such 
the user's computer (the "client") which (a) fetches 
identifiable language, from either a local storage 
disk) or remote computer (the "server") and (b) 
prbcesses" the fetched content appropriately. It should be 
on, and interpreting are all forms of processing content 



image 
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type of processing is readily apparent from the type 
is may be determined from a filename associated with 
itself. For example, a filename ending in "jpg" 

is a JPEG image and that appropriate processing 
on a computer monitor for viewing by the user, 
with a "midi" MIME type would be understood to be 
a user to hear. Note, however, that other types of 
such as displaying audio content using a suitable 
be edited. 

fetching and processing content are typically performed 
"browser," such as Microsoft Internet Explorer and 
able from Microsoft Corporation, of Redmond, WA, 
Corporation, of Mountain View, CA, respectively, 
pability of processing several common types of content 
i nages, and Java programs, among others. These 
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the 



browsers also accommodate new types of 
through loadable software modules comm 

When a browser attempts to fetch 
browser loads a plug-in associated with 
5 plug-in to process the content. If an 

on the client computer, an appropriate plu 
another source, typically as server on the internet. 

For example, when a browser 
the browser locates and loads a 
10 the CURL language. This may comprise 

executing the resulting code. Thereafter, 
fetched by the browser, control is passed 
having to reload the plug-in. 

One reason for the success of the 
15 communications. An unambiguous identif 

Locator or URL) is typically all that is 
that has promoted the rapid evolution 
content. While unconstrained access to 
web and the electronic economy, it runs 
20 and easy access to useful web content 

advantages to properly license and 
it is difficult to control access and thus c 
Consequently, typical for-profit publishers 
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content, such as the CURL language, 
only referred to as plug-ins. 
or load a non-native type of content, the 
content type. Control is then passed to the 
appropriate plug-in is not available to the browser 
g-in may be downloaded obtained from 



needed 



of the 



contribute 



hargi 



fetches content comprising a CURL program, 
corresponding CURL "plug-in" designed to process 
compiling the CURL source code and 
jvhen subsequent CURL language content is 
tfc> the CURL language plug-in without 

\yeb is its promotion of unencumbered 
er of information (e.g., a Uniform Resource 
to enable access to content, a feature 
web into a rich nexus of interrelated 

is valuable to the growth of the 
to conventional licensing models. Free 
the motivation of those who enjoy its 
revenue to the content supplier because 
e for information and services, 
of valuable content, such as computer 



information 



counter 



removes 
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unencumbered communications 
include passwords keyed to the 
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programs, research reports, timely sports scores, stock market information, and the 
like may forego strict licensing md encourage revenues by promoting an artificial 
scarcity of the commodity they provide. In those instances that a provider supplies 
coded content as well as the clic nt software, or plug-in, needed to interpret the 
content, access restrictions may be applied to the content itself, to the plug-in, or to 
both. 

Typical access restriction measures in current use tend to impede the open 

that are the hallmark of the web. Such restrictions 
user or passwords keyed to a hardware identification 
number attached to a specific computer and thus used to unlock the software or 
content. Password mechanisms can effectively limit the use of the software to a 
specific individual and/or specific machine but at the same time impede the web's 
unencumbered communication^ and further fail to scale for widespread use. Every user 

provided a password to unlock the software or content. 
Other mechanisms incliide removable hardware devices, commonly referred to 
as a "dongle," containing a unique license key. These devices are adapted to connect 
to a general-purpose communications port or specific interface of a client computer. A 
routine within a software prog -am looks for a specific code contained in the removable 
device each time the software js activated to determine whether the software may be 
run. Again, such a mechanisml can effectively limit the use of the software to a specific 
individual and/or specific macliine, but, because of the need to distribute hardware 



or provider of content must be 



devices, fails to scale for wide 



communications. 
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Networked computer environments 
terms of the traditional single-computer 
usage of software on a network or may 
additional compensation to the licensor 
used when a user at one client uses software 



For 



is to grant a license to use the software or 
This is known as an unlimited site license- 
license, may be required for each machine 
this may increases fees the licensor may 
for more licenses than are actually needed 
cooperation from the licensee to contact 
the network. Additional non-automated 



provide further licensing challenges. The 
software license might not properly cover 
unintentionally allow such a usage without 
instance, what form of license should be 
running on a second client. One solution 
any computer connected to the network. 
Alternatively, a license, called a limited site 
on which the software is to be run. While 
collect, it may also require the licensee to pay 
In addition, this mechanism requires 
licensor as additional nodes are added to 



tie 



and 



program usage and verify license compliance 
licensee keep accurate records of usage, 
inspect the licensee's site to audit progranji 
process. 

In a situation where a licensor dev 



programs and content for an end-user, a 
an accurate accounting of the use of the li 
wants unencumbered access to the content 
is thus caught between providing the 
license fee while at the same time providing 
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npechanisms may be required monitor 

. For example, a licensor may require a 
may demand the right to periodically 
usage; clearly, an inefficient and intrusive 



slops tools used by a licensee to create 
further tension exists. The licensor may want 
licensed tools, while the ultimate end-user 
without passwords and locks. The licensee 
licensor an accurate accounting for determining a 
easy access to the end-user. Current 
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mechanisms that satisfy the licensor have an unfavorable impact on the end-user, and 



visa-versa. 



Moreover, the develop*: 
licensing to the end-user. The 
product for certain uses, such 
access for commercial use, 
product. 

Conventional access 



r of content might wish to encourage multiple levels of 
evels of licensing may run from free access to the 
is for evaluation or non-commercial use, to fee-based 
wherein a fee is charged based on usage of the licensed 



users, since such users must 
deal with an electronic 
because of the overhead r< 
licensing technologies do not 
divergent licensing goals. 



restrictions constitute an impediment to free access by 
typically "register" with the access control mechanism or 
bureaucracy. They are also an impediment to fee-based access 
equiiled to monitor licensing compliance. Thus, present 
provide a broad mechanism capable of covering such 



The invention provides 
content and for licensing 
or other software used to 
distribution of both revenue 



access 



process 



This is achieved by 
herein as a licensing form, 
under which the content is 
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Summary of the Invention 



a new and improved method and system for licensing 
to functions provided by a plug-in, application, applet, 
the content. The invention, therefore, facilitates the 
non-revenue generating content on the Internet. 



apd 

enjbedding, within the content, licensing data referred to 
The licensing form itself is related to the type of license 
mide available. Software designed to process the content 
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includes routines for recognizing and validating 
and limiting processing of or access to the 
the license. 



Therefore, it is an advantage of the 
by which the provider of software utilized 
license the use of that software for commejrcial 
either the software or the content. 



invention to support a licensing mechanism 
in the interpretation of web content may 
purposes without controlling access to 



Further advantages of the invention 
or other specific use of the software, as 



well 



Additional advantages of the invention 
usage, to revoke the license as desired, an<jl 
software by the licensed content. 



In addition, it is also an advantage 
assertion embedded in the content stating 



Further advantages of this inventiop 
administering separate licenses pertaining 



Other advantages of the invention 
in the art in view of the figures and detailed 
invention. 
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ing a license form embedded in the content 
content pursuant to the validity or terms of 



include the ability to allow noncommercial 
as anonymous use of the software. 



allow the licensor to monitor licensed 
to charge fees based upon the usage of the 



of the invention to utilize a plain-text 
i hat the content is for non-commercial use 



to 



provide for multiple licensors, each 
interdependent content modules. 



will become apparent to one of ordinary skill 
description of the embodiments of the 
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Brief Description of the Figures 



The foregoing advantages 
reference to the following 
which: 



of the invention will be more readily understood by 
description taken with the accompanying, drawings in 



FIG. 1 is a block 
application for receiving licensed 



diagrain illustrating a computer system with a plug-in or 
content according to the invention; 



FIG. 2 is a block diagr 
application for receiving li 
according to the invention; 



am 



illustrating a computer system with a plug-in or 
licensed content and a server for providing such content 



FIG. 4 is a block diagi 
with a plug-in or application 
licensed content, and a license 



FIG. 5 is a simplified 
determining the type of license 
accordance with the principles 



FIG. 6 is a simplified 
invention when validating an i 
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FIG. 3 is a block diagram illustrating the composition of the {License ...} form 
according to the invention; 



TcMti illustrating interactions between a computer system 
fc}r receiving licensed content, a server for providing the 
server according to the invention; 



fljow chart illustrating steps performed by a plug-in when 
embedded within content being processed in 
of the present invention; 



f ow chart illustrating steps performed by a plug-in of the 
mplicit license; 
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FIG. 7 is a simplified flow chart illustrating 
present invention when validating an implicit 
authenticator; 



FIG. 8 is a simplified flow chart illustrating 
invention when validating an implicit license 
further determining an access policy; 



FIG. 9 is a simplified flow chart of 
invention when validating an explicit licens^ 
further incorporating the use of a cache of |valid 
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ing steps performed by a plug-in of the 
license containing a content 



steps performed by a plug-in of the 
containing a content authenticator and 



steps performed by a plug-in of the 
containing a content authenticator, and 
license results and grace period; 



es 



FIG. 1 0 is a simplified flow chart 
by a server in accordance with the principl 
an explicit license containing a content authenticator. 
of a cache of valid license results and grac* 



illustrating a portion of the steps performed 
of the present invention when validating 
, and further incorporating the use 

period; 



FIG. 1 1 is a block diagram of interactions 
plug-in or application for receiving license^ 
content, and two license servers according 



FIG. 12 is a block diagram illustrat 
licensing. 



between a computer system with a 
content, a server for providing licensed 
to the invention, and 



ng environments created during multi-level 
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Detailed Description of the Preferred Embodiments 



The following descripti 
present invention, and reflects 
alternative embodiments of this 



ion 



is illustrative of a preferred embodiment of the 
concrete choices for purposes of illustration only. Many 
invention will be apparent to those skilled in the art. 



The invention facilitates 



Ti lis 



programs yet provides 
garnering a financial return 
operations of the programs so 
Thus, for example, non 
possible limitations) while 
operation of the computer programs 



the widespread use and distribution of computer 
developjers of those computer programs a mechanism for 
is is accomplished by retaining control over the 
as to control access to content requiring the programs, 
commercial users of the programs may have free access (with 
conimercial users must pay a license fee for access to the 



In a first embodiment, 
module, program, or plug-in 
processing the content, the 
form, as described below, 
processing of the digital 



content based upon information 
e.g., non-commercial or 
non-commercial licensing 
The module also recognizes 



form 
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the invention comprises a freely distributed software 
runs on a computer to process digital content. While 
mddule searches for data comprising a special licensing 
licensing form must be present in the content for 
contejnt to be authorized. 



that 



Tte 



The module interprets the licensing form and authorizes processing of 
in the licensing form, such as the nature of the content, 
comihercial. The module has a built-in understanding of a 
and can grant free access to the computer programs, 
licensing forms of a commercial nature and can impose 
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further licensing validation steps (to ensure 
use) prior to accessing the computer progrjams 
understanding of different types of license 
computer programs by non-commercial coptent 
to the computer programs by commercial 
content by allowing free access to the computer 
while at the same time providing a mechanism 
to receive a financial return by requiring a 



di igi 



FIG. 1(a) and FIG. 1(b) are block 
computer system implementing the invention 
running operating system 101. Computer 
computer such as those sold by Compaq 
Computer 100 may also be another device 
Internet appliance. Operating system 101 
underlying computer, such as Microsoft 
Apple OS, and the like. 
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payment of a license fee for commercial 

Thus, the module has a built-in 
brms and can grant immediate access to the 

while preserving control over access 
eContent. This encourages the development of 
programs for non-commercial use 
for developers of the computer program 
icense fee for commercial use. 



rams of illustrative embodiments of a 
. The system utilizes computer 100 
00 can be a conventional personal 
Computer Corporation, IBM, and Apple, 
such as a game console, set-top box, or 
any operating system compatible with the 
Windows 98, Microsoft Windows NT, Linux, 



is 



With reference to FIG. 1(a), a first embodiment of the invention uses browser 
102 as a substrate for plug-in 103. FIG. 1( b) illustrates an alternative embodiment of 
the invention where application 104 is provided to instead of browser 102 and plug-in 



103. In the embodiment of FIG. 1(b), the 



mechanism for controlling access to a 



computer program is included with in the computer program itself, however, one of 
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ordinary skill in the art would 
separated from the underlying 

The browser-plug-in 
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appreciate that the access controlling portion may be 
computer programs. 



to interpret, execute, or 
particular, they are designed to 
invention and process the 
generally to plug-in 1 03 
one of ordinary skill in the art 
therewith. 



combination, or equivalently application 104, is designed 
otherwise process content received by computer 100. In 
recognize the licensing mechanism as taught by the 
content accordingly. While the remaining description refers 
operating in conjunction with browser 102, it is understood by 
tjhat application 104 may be used interchangeably 



coded 



can 



Turning now to FIG. 2 
processes content 201 received 
techniques. Content 201 is 
Language) that plug-in 103 
component or a set of related 
accordance with the principles 
licensed together as a whole 
thereof 



Under the invention, 
distinguished by a special 
the licensing form is encoded 
encode the content itself 
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the general operation of plug-in 103 is described as it 
from server 200 using standard communications 

in a language or representation (such as the CURL 
ultimately process and may comprise a single 
components, such as web pages or program modules. In 
of the present invention, multiple components may be 
as well as individually, in groups, or some combination 



cpntent that is licensed to operate under plug-in 103 is 
licensing form, or construct, within the content. Preferably, 
>o as to be compatible with the representation used to 
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For simplicity, the invention 
plain text CURL language source code. C|URL 
delimited by curly brackets. For example, 
CURL construct such as: 



is described herein using non-encrypted 

language constructs are typically 
the square of 9 may be calculated using a 



{ square 9.0 



Accordingly a suitable licensing form usin^ 
a CURL language construct such as: 



{Licensed 



wherein the ellipses denote further parameters to be described herein below 



A variety of alternative representations 
(e.g., text, graphics, executable code), and 
encodings) may be used with the present 
and encodings to support the present invention 
syntax. Typically such extension is su ; 
language or representation being extended 
form used in CURL source code extends 



iggested 



A corresponding license form in FT 



syntax 



<LICENSED> 



</LICENSED> 



while in C or Java it might take the form o 
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CURL syntactic conventions may comprise 



(e.g., HTML, Java, XML), data forms 
encodings (e.g., text, binary, or encrypted 
invention. Extending such representations 
may use any convenient alternative 
by existing syntactic conventions of the 
in a manner analogous to the way license 
CURL language. 



tie 



ML or XML, for example, might use the 



a language construct such as 
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Licensed 



• • • / 



Similarly, the extension of binary 
controls, and dynamically loaded 
representation so that the addec 
remaining content. Such extensions 



Whatever the representation 



(Licensed 



vallid 



(Licensed ...} form in every file 
of any file missing a valid 
user of the client machine, the 
Alternatively, a file lacking a 
with a default or limited behavior 
or a plug-in may be operational 
invention may provide for different 
additional information in the 



201 



In accordance with the 
useful processing of content 
contained within content 201 . 
beginning of each content file 
incrementally after validation 
of the content may be processed 
...} form. 
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representations (such as compiled class files, ActiveX 
libraries) accommodate the existing structure of the 
information is unambiguously distinguishable from the 
will be apparent to those skilled in the art. 



ion, plug-in 103 is adapted to detect such appropriate 
delivered to it for execution, arid to refuse execution 
. . . } form. Such refusal may be reported to the 
s(ource of the content, or the plug-in provider. 

(Licensed ...} form may be processed in accordance 
. For example, plug-in functionality may be restricted 
only for a specified period of time. In addition, the 
licensing schemes by including different or 
(Licensed ...} form. 



principles of the present invention, plug-in 103 defers 

until it has encountered a (Licensed ...} form 
Typically, such (Licensed ...} forms will be at the 
i;o that remaining content may be processed 
of the (Licensed ...} form. Alternatively, some portion 
in parallel with detecting and validating the (Licensed 
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The (Licensed ...} form is 
content 201, to plug-in 103 itself, or both, 
processed by plug-in 103 to determine the 
processed. Depending upon information in 
processing of the content 201 and the 
controlled. Thus, when content 201 is in 
delivered to plug-in 103, {Licensed ...} 
plug-in 103 executes or interprets content 
form 203. 



5- 



used 



by plug-in 103 to control access to 
In other words, (Licensed . .} form 203 is 
extent to which content 20 1 is to be 
(Licensed ...} form 203, the final 
functionality of the plug-in 103 can be 
terpreted by client 100, its contents are 
for|m 203 is extracted and processed, and 
201 to the extent allowed by (Licensed ...} 



10 FIG. 3 is an illustrative embodiment 

principles of the present invention. (Licenced 
information, including: 



15 



Identity of License 301 - this information 
embodiment of the invention, this 
embodiments it may be encrypted. 
201 to be processed by plug-in 103 



20 



Legal Assertion 302 - this identifies the 
license form this field indicates that 
without payment of a royalty under 
types of license forms this field spe 
assertion should be appropriate for 
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of a license for in accordance with the- 
...} form 300 may contain a variety of 



identifies the licensee. In one 
information comprises plain text but in other 
The licensee is the party providing content 
, e.g., the content creator. 



legal form of the license. In a first type of 
the licensed content may be distributed 
a non-commercial use license. In other 
;ifies a type of license. The form of the 
the intended use of the content, and is 



BNSOOCID <WO. 



0054128A1 J_> 



Best Available Copy 



WO 00/54128 



preferably a plain text 
license. It is anticipated 
jurisdiction and conforms 
be used to judicially 



enf Dree 



Encoded/Encrypted Data 
variety of data and may 
encoded as a sequence 
uuencode. In the ex< 



303 



10 



the data is quoted so 
language (viz., a quote^l 
binary data are: 



This portion of licensing form 300 includes a 
be provided in encrypted form. This data may be 
of plain-text characters using known techniques such as 
emjplary licensing form for use with CURL source code, 
it becomes a syntactically legal element of the 
string). Significant functions served by the encoded 



that 



2. Authentication 
1 5 contents and/or li 



of t tie 



Licensee 304 - Represents, 
the identity of a li 
20 example, a particular 
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stjring containing a legal assertion as to the nature of the 
that the assertion is appropriate for the licensee's 
to the laws governing the licensee and so that it may 
the licensor's rights. 



1 . Secure identification of the licensee and the specific contractual 
arrangements pertaining, to the license; 



content to detect tampering or modification of the 
licensing form; and 



3. Memorializing the content of a license applying to the content. 



The following are examples of data that may be encoded/encrypted: 



the identity of the license. This can be used to confirm 
licensee and may be a text string or numeric identifier. For 
iontract pertaining to the licensor/licensee in question 



Best Available Copy 



WO 00/54128 



10 



may be assigned a unique identifier 
{Licensed...} form 300 then serves 
arrangements - the first of the note|d 



Time Out Period 305 - A period in whfch 
5 optimization of the verification ph; 



the license is valid. Can be used as an 
dse of the license. 



Grace Period 306 - Period of time to 
of the license. Can be used as an 
license. 



allow use of the content without verification 
c ptimization of the verification phase of the 



Licensed Modules 307 - Extent of the 
mechanism to control access to the 
module-by-module basis. This enables 
functionality of plug-in 103. 



Verification Sitefs) 308 - One or more 
and verification server for the cont 
15 herein below. 



Unique ID 309 - An identifier used to 
downloading the content. This woijild 
actual end-user of the content. 



Authentication Code 3 10 - Information 
20 license has not been corrupted or 
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C. Reliable encoding of identifier C in 
to identify the licensee and contractual 
functions. 



license. This data can be used as part of a 
plug-in functionality on a 

licensing of only a portion of the 



network locations where an authorization 
tnt license may be found as further explained 



dentify the end user, the party actually 
allow a mechanism to track usage by the 



to verify that the code attached to the 
tampered with. Implemented via a Message 
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Authentication Code or 
known techniques (such 
noted function. 



MAC computed from the remainder of the file, using 
as cipher-block chaining), thus providing the second 



License Authentication Codfc 3 1 1 - Information to identify the terms under which 

licensed. This may comprise for example a cryptographic 
from the text of the license which may be used as 
of the license. Optionally the hash may be digitally time 
tihe parties involved. 



the digital content is 
hash or MAC computed 
evidence of the terms 
stamped and signed by 



One of ordinary skill in 
might be provided within {Licensed ...} form 300. 

In accordance with the 



the art would understand that additional data fields 



plug- 



for 



300 enables a licensor to 
for content. For example, a 
encourages use of a plug-in 
for product evaluation. To 
certain variants of (Licensed 
(Licensed ... } form is termed 
built-in information to grant aicess 
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principles of the present invention, (Licensed ...} form 
implement different types of licensing schemes, or policies, 
in creator may choose a licensing policy that 
certain purposes, such as for non-commercial use or 
support such a licensing policy plug-in 103 may accept 
} form 300 without further validation. This type of 
kn implicit license because the plug-in has sufficient 



An exemplary implicit (Licensed ...} form may comprise: 



i 
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Curl Corporation contr 
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rjcial use under the terms of 
aqt number C00001.}' 



This form contains only a plain text, legally 
intended use— that the content is for non-commercial 



th- 



requires no further licensing arrangements 
upon the plain-text legal assertion within 
the non-commercial nature of the content li 
viewable by anyone with viewing the 
non-commercial nature of the content. 



pop-up dialog box or splash screen may be 
commercial nature. 

A plug-in creator may instead choose 
the plug-in for certain controlled distributioln 
access. Thus, in another embodiment of the 
to require further validation of certain variants 
type of (Licensed ...} form is termed an exph 
insufficient built-in information to grant access, 
information to validate the license form. 



binding assertion appropriate for the 

use for which Curl Corporation 
In this approach, the licensor depends 

{Licensed ...} form itself stating clearly 
^ense. The legal assertion is readily 
content, and clearly states the intended 
Alternatively, when the content is processed a 
displayed informing the user of its non- 



An exemplary explicit {Licensed ...I form may comprise: 



{Licensed by XYZ Comput 

noioiomooi . . 



Wherein XYZ Computer Corporati 
of binary digits represents additional encrypted 
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a licensing policy that encourages use of 
purposes, e.g., commercial use or secure 
present invention, plug-in 103 is adapted 

of the {Licensed ...} form 300. This 
Hcit license because plug-in 103 has 
, and must resorting to external 



r Corporation 

. 0 01 01 01 001 00001 001 001" I . } 



<pn identifies the licensee and the sequence 
information 303 of FIG. 3. This 
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{Licensed ...} form may be distinguished 
license form itself. For exampl 
{Licensed ...} forms differ, i.e., 
the {Licensed .. .} forms will be 



When an explicit license 
decrypted by plug-in 1 03 and 
verify the license. Plug-in 103 
otherwise tampered with. The 
{License...} form may be 
maintained by a Licensor. 



form is encountered, encrypted information 303 is 
additional operations are performed by plug- in 103 to 
may also verify that the content has not been edited or 
current status of the license referenced by the 
verified by a brief exchange of messages with a license server 



FIG. 4 illustrates the flow 



403, and content server 200 in 
Client 100 sends requests 401 
content server 200. Content 
containing requested content 
{Licensed ... } form prior to 
201. If a {Licensed ...} form 
manner dependant upon the 



For explicitly licensed 
encoded information as showh 
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from the prior form by the content of the 
, the second word or term of the two exemplary 
'for' and 'by'. Clearly, other means of distinguishing 
apparent to one skilled in the art. 



of information between client 100, license server 
accordance with the principles of the present invention, 
for content 201 over a network, such as the Internet, to 
200 sends response 402 back to client 100 
Plug-in 103 then scans content 201 for a 
actual execution, interpretation, or processing of content 

s found, it is interpreted and verified by plug-in 103 in a 
contents of the {Licensed ...} form. 



server . 



201. 



content, {Licensed ...} form 300 contains at least a some 
by encoded information 303 of FIG. 3. To verify this 
form of license plug-in 103 crjeates license validation request 404 based in part 
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{ Licensed ...} form 300 and encoded information 
validation request 404 is sent to authorization 



Authorization server 403 may be 
the present example, authorization server 
server 403 receives license validation 
response 405 dependent upon information 
contents of license database 406 which is 



the 



'■03 



same server as content server 200, but in 
is a separate computer. Authorization 
request 404 from client lOOand generates 
in license validation request 404 and the 
discussed further below. 



illustrate 



The flow charts of FIGS. 5-10 
performed by embodiments of plug-in 103 

10 Referring first to FIG. 5, plug-in 103 perfi 

and determine a type of license designated 
plug-in 103 is in an initial state ready to 
501, plug-in 103 retrieves the content froir 
the user or under operation of previously 

1 5 click on a hyper-text link, or previously 

content to be retrieved. In a typical 
mechanism for retrieving content from the 
browser and operating system, but it is an 
invention the plug-in might include the 

20 for controlling a stand alone Internet appli 

code implementing a retrieval mechanism 
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303 contained therein. License 
server 403 . 



orms 



retrieve 



an exemplary sequence of steps 
when validating a (Licensed ...} form. 

an initial sequence of steps to retrieve 
by the {Licensed ...} form. At step 500, 

content located on a server. In step 
the server. Retrieval may be initiated by 
leaded content. For example, a user may 
content may reference additional 
of the invention, the actual transport 
server is provided by the underlying 
it^cipated that in other embodiments of the 

mechanism. For instance, a program 
i^nce or consumer set-top box may contain 
irectly. 



loaded 



embodiment 



retrieval 



BNSDOCID: <WO 0054 1 23A 1 _ I > 



WO 00/54128 



Best Available Copy 



10 



15 



20 



At step 502, the plug-in 
Typically, the form will be at thi 
scanning the content. If there is 
signaled as an error, step 504, 
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scans the content for the {Licensed ...} form, 
top of the file to minimize the time required for 
no {Licensed ...} form within the content, it is 
the plug-in exits this routine, step 505. 



and 



Assuming at least one { 
the type of license, step 506 
type of {Licensed ...} form foufrd 
basic types of license, implicit 
of license may be created 
508, otherwise it branches to 



Tie 



and 



If the 



steps 



Turning now to FIG. 6, 
the validity of the license is now 
for example, by simply matchirfg 
legal assertion to a text string 
an implied license may include 
applied to the legal assertion 



to 



At step 511, if the 
operations, step 512, and exits 
plug-in operates on the conter t 
functionality provided by the 
content, this function is exited 
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icensed ...} form is found, it is decoded to determine 
plug-in branches at step 507 depending upon the 
in the content. As described herein, there are two 
explicit; however, it is anticipated that other forms 
license is implicit, it branches to steps starting at step 
509. 



if the {Licensed ...} form specifies an implicit license, 
checked. At step 510, the implicit license is checked, 
a text string in the {Licensed...} form containing the 
Retained by the plug-in. Alternative methods of checking 
comparing the results of a hash or other function 
a value stored by the plug-in. 



license check fails, the plug-in executes any necessary error 
the function at step 513. If the license check passes, the 
to the extent allowed by the license terms and the 
ug-in. Once the plug-in is allowed to operate on the 
at step 515. 



pit 
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Ifthe 



step 



FIG. 7 illustrates an alternative 
an implicit license in which the content is 
license is checked as described above 
executes the necessary error operations, 
If, however, the license check is successfu 
contents and compares it with the MAC 
520. If the comparison fails at step 521, 
and should not be operated upon, then an 
the function exits at step 523. If the 
operates on the content to the extent 
515. One of skill in the art will understand 
provided by the {Licensed ...} form in an 



Referring now to FIG. 8, an additional 
is described. The steps illustrated in FIG. 
addition of step 524, wherein the plug-in 
the license. The access policy may limit th 
functionality. For example, a basic set 
non-commercial use license, while at the 
features unless they are enabled under an 



ex 



FIG. 9 illustrates steps performed 
license is an explicit license. In explicitly 
always have an encoded portion such as ericoded 
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embodiment of the invention for operating on 
secured by a MAC. At step 516, the implicit 
match fails at step 517, the plug-in 
518, and exits this function at step 519. 
, the plug-in computes a MAC from the 
foiind within the (Licensed ...} form, step 
indicating that the content has been corrupted 
^rror condition is signaled at step 522, and 
comparison succeeds at step 521, then the plug-in 
allowled, step 525, and the function exits at step 
that various other functions may be 
alnalogous manner. 



extension of the preferred embodiment 
are the same as those in FIG. 7, with the 
determines an access policy appropriate for 
s plug-in to a set of permissible 
of functions may be made available under a 
time withholding access to advanced 
plicit licensing regime, as described below. 



Seme 



the plug-in when it is determined that the 
licensed content, the (Licensed ...} form will 
portion 303 of FIG. 3, containing 
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additional information needed tc 



validate the license. At step 550, the encoded 
information is decoded. Depending upon the encoding, a variety of levels of security 

information can be provided. For instance, the 
encoding, or, alternatively, may cryptographic 
private key infrastructure to both encrypt and encode the 



encoded 



surrounding access to the 
encoding comprise a simple bi 
techniques using a public or pri 
data. 



binary 



At step 551, a MAC 
{Licensed...} form 300 to 
{Licensed ...} form has been i 
not acceptable, step 553, an 
554. If the computed MAC is 
prior approved {Licensed ...} 
cache entry is found that applie 
is updated at step 557 (to allow 
or other aging mechanism) 
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of the contents is computed and compared to MAC 3 10 of 
deterhiine whether the contents have been corrupted or the 
lligally generated or copied. If the computed MAC is 
errpr condition is signaled, step 553, and the routine exits 
Authentic, at step 555 a cache is checked to see if a 
fprm applies to the content under examination. If a 
5 to the content, tested at step 556, then the cache entry 
for aging of the entry via an access count, usage limit 



If there isn't a valid cache 



step 560. Identification of the 
the encoded information (303 
content. The plug-in attempts 
information from the plug-in to 
license. The necessary informition 
identity, content identity, user 



entry, then a license server needs to be contacted at 
icense server can be built into the plug-in, specified by 
<bf FIG. 3), specified by another server, or built into the 
to contact the license server and pass the necessary 
the license server as required for validation of the 

can include one or all of the following: licensee 
identity, machine identity, contract identity, use count, 
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etc. Preferably, the information is passed to 
communications link as known in the art to 
interception. 



grace 



One important aspect of the invention 
of FIG. 3 may be stored on the license 
{Licensed ...} form. For instance, the licen 
cache entry associated with specific content 
module that the license applies to, or a 
Thus, by storing some information on the li 
all accesses of the content without requiring 
content. In addition, with a user or machine 
can be created on a per machine or per user 
information (303 of FIG. 3) includes certain 
overridden by information found on the li 



server 



If the license server does not respord 
if the location of more than one license 
of FIG. 3. Otherwise, at step 561, a grace 
isn't a cache entry nor a response from the 
enable disconnected operations. For instance 
machine for later access. If the user is not 
server, then without a cache entry from a 
would be denied. A grace period allows the 
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the license server via a secure 



protect the communications from 



is that some of encoded information 303 
server and a reference to the data stored in the 
>e server may specify a timeout period for a 
, an additional verification site, another 
period applicable to the content, etc. 
:ense server, the values can change across 
a change to the {Licensed ...} form in the 
identification, a customized access policy 
basis. Finally, even if the encoded 
information, that information can be 



license server. 



, additional license servers may be queried 
is provided in verification sites field 308 
pjeriod may apply, step 562, even if there 
server. A grace period is an optimization to 

, content may be stored on the user's 
connected to a network containing a license 
previous access, operation of the content 
content to be used a certain number of 



BNSDOCID: <WO 0054123A1J_> 



Best Available Copy 



10 



15 



WO 00/54128 



PCT/US00/06242 



-26- 

times, or for a certain time peric d, without requiring access to the license server. If the 
grace period is expired, step 56:t, an error is signaled, step 564, and the content is not 
operated upon and the routine exits, step 565. If the grace period applies, and is valid, 
then the content is operated to tjhe extent allowed by the license, step 566, and the 
routine exits. 

FIG. 10 illustrates the stleps 



invention. If a server responds, 
server will typically include 
received is used to validate or 



license 



license, step 570, then an error 
the response validates the 
step 573, and the content is 
574, and the routine exits, step 



in contacting the server for one embodiment of the 
we enter at step 568. The response from the license 
additional information, as already noted. The information 
invalidate the license. If the response invalidates the 
is signaled, step 571, and the routine exits, step 572. If 
, then an entry is created in the cache for the content, 
operated on to the extent allowed under the license, step 
575. 



20 



FIGS. 5-10 are only 
licensing mechanism. One 
extensions and modifications 
the {Licensed ...} form can be 
augmented, the encryption am 
communications method can b 

Extensions 



m^ant as examples of various embodiments of the 
of Ordinary skill in the art can appreciate that additional 
ajre possible. For instance, the information contained in 
augmented, the information stored on the server can be 
encoding algorithms can be changed, the 
e varied and all fall within the scope of the invention. 
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Although the user computer - authorization 
brief, it does add a small overhead to each 
already shown, this overhead can be reduceid 
client (e.g., within a "cookie" or similar clie|nt 
interval used to control its life. The cached 
retrieval of related content. When requestejd 
would check its local cache for related records 
... } form. Thus, the plug-in need only exchange 
were no such cache entry or if the cache 



ization server exchange can be made quite 
Execution of the licensed content. As 
by caching the server response on the 
state), along with a specified timeout 
result may then be applied to future 
to execute a licensed file, the plug-in 
affirming the validity of the {Licensed 

messages with a license server if there 
has expired. 



en ry 



Caching prior license approvals also 
requests that must be sent to a license servejr 
requests may be reduced even further by allbwing 
{Licensed ...} forms. For example, a cache 
having a specified content, naming a specified 
domain are valid. 



Various implementations of the 
the actual timeout interval for the cached 
plug-in), specified within the {Licensed ...} 
in its response to the validation request 
passage of time, number or accesses or a 
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reduces the number of license validation 
The number of license validation 

cache entries that apply to multiple 
entry may validate all {Licensed ...} forms 
licensee, or originating from a specific 



timeout mechanism are possible. For instance, 
sponse might be constant (built into the 
form, or specified by the Licensor's server 
timeout interval may be based upon 
combination thereof 



The 
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be: 



response 



In addition, the relationship 
retrieved by the user can also 
in a hierarchy, the cached 
nodes lower in the hierarchy or 
response for a web page may a] 
Alternatively, the {Licensed ...} 
content for which it applies, 
to support the licensee's particular 
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of the cached server response with future content 
configured. For instance, if the content is organized 
for a particular node can apply to that node and all 
a limited number of lower nodes. Thus, a cached 
jj>ply to all web pages within the same domain, 
form or the response from the server can specify the 
, the cached response is flexible and can be adapted 
content. 



Thus 



An alternative to the validation 



modify the contact with the license 
allow "lazy authentication" of tjhe 
and then in parallel with operation 
could eliminate or diminish an> 
computer and the license computer 
content. 



To save client storage 
of it may be digested via a 
hash function 



& Sons, 1996) into a smaller 
Alternatively, the plug-in migtjt 
license server, sending a 
the form, and then caching the 
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steps illustrated in FIGS. 5-10 above is to 
server to take place in the background. This would 
license, where the license is validated only as needed 
on the content. From the user perspective, this 
delays caused by the interactions between user 
prior to validation and thus operation of the 



£nd minimize the size of a {Licensed .. .} form, a portion 
cryptographic hash function such as MD5, SHA1, or other 
{Applied Cryptography. Second Edition, By Bruce Schneier, John Wiley 
fprm to be compared against stored values. 

deal with all {Licensed ...} forms by contacting s 
validation request containing, a short cryptographic hash of 
result to avoid the need for future validations. This 
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15 
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approach allows the set of implicit {License d 
control of the Licensor via the license servelr 
enables a licensor to revoke licenses, since 



...} forms to grow dynamically, under 
. In addition, the use of a cache timeout 
<bached validations will eventually expire. 



Encoded information 303 of FIG. 3 
constructed from C, the MAC of the file contents 
An exemplary calculation of encoded inforrfration 



Encode ( 

Encrypt ( 
Append ( 

Hash (Append (C,M2 
C, 

MAC (remainder of| file) 

')/ 

SecretKey 



) 



) 
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of {Licensed ...} form 300 may be 

, and other data in a number of ways. 
303 is shown as follows: 



£ (remainder of file))), 



wherein Append simply concatenates the t it strings representing its arguments, Hash 
computes a noninvertible cryptographic hash of its arguments, 
Encrypt (bits , key) is a standard en:ryption scheme such as DES, and 
Encode is a character encoding function such as encode. SecretKey is a 
symmetric encryption key known only to the licensor. The hashing and encryption 
steps discourage attempts to separate the C and MAC components of the encoded 
binary data and recombine them in forged {Licensed ...} forms. 



Since occasional re-validation of eaih 
license is required, a license server may coll 
corresponding to the licenses. Such license 



explicit (and some versions of implicit) 
ect and store in a database data 
records may me analyzed statistically to 
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yield a rough model of the active 
for example, send weekly repor;s 
and perhaps asking the licensee 
terms of the current license. 



retrieving license records from 
by the user. 



user base served by each license. The licensor might, 
to each licensee relating the number of active users, 
to renegotiate a license if the number exceeds the 
Alternatively, a plug-in may include the capability of 
i he license server so the information may be processed 



In addition, a licensor 
entries, and organize content in 
the sequence or flow of access 
able to identify those content 



rray 



so that substantive processing 
server freeing client software 
routines. However, in 
and other functions may be 
desired, using network 
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specify cache timeout values, the scope of cache 
such a way that the licensor may generate reports on 
:hrough the content on a content server, and thus be 
that are over or under utilized. 



aifeas 

In the embodiments of tlhe invention described herein, the invention is designed 

6f the encoded binary data can happen entirely on the 
fiprn the need to include sophisticated encryption 
accordance with the principles of the present invention, these 

relocated between the plug-in and the licensor's server as 
communication with standard security measures as necessary. 



License Generation 

For a licensee to create content licensed for use with the plug-in, the licensee 
must be able to affix the cryptc graphic {Licensed ... } form to the created content. To 
this end, the licensor supplies the licensee with a certification tool, namely a program 
specific to the appropriate con ract (and hence specific to that licensee) which takes as 
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input an unlicenced file and affixes the appropriate 
Preferably, the license tool is integrated int|o 
originally create the content, e.g., in the fo|rm 
module. Alternatively, the tool may be a stand 



Clearly, the certification tool is 
and should not be distributed publicly. In 
compromised, the licensor can react by 
the licensee a new tool which implements 
deletes any earlier {Licensed ...} form as 
on current licensing terms and the remainiij; 
Alternatively, a {Licensed...} form may i 
may only validate license forms having a 
compromised. 



inc lude 



tie 



The tool may be completely self-contained 
encryption mechanism, or may operate in 
particular licensor. At its extreme, under 
be created by transmitting the content file ( 
the license creation server. The license 
necessary information and send it back in 
that the tool containing a licensor's cryptoiraphi 
of the licensor. 
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{Licensed ...} form to it. 
the programs and routines used to 
of a dynamic load library or other 
-alone program. 



intended only for use by a particular licensee, 
i he event the security of the tool becomes 
revoking the license it produces, and issuing 
fresh (uncompromised) license. The tool 
necessary, and generates a fresh copy based 
g contents of the supplied source file, 
a time stamp so that a license server 
stamp prior to when the tool was 



time 



, relying on internal coding and 
conjunction with a server maintained by a 
latter approach, a {Licensed ...} form can 
or the MAC of the file) via a secure link to 
creation server would then generate the 
response. An advantage of this approach is 
ic information is kept under the control 



BNSDOCID: <WO 00541 28A1_I__> 



10 



15 



20 



Best Available Copjy 



WO 00/54128 



Multi-layer Licensed Software 

The {Licensed ..} form 
relationships. For instance, the 
In this example, the plug-in can 
deploy an application. In this 
is the content creator/provider 
a user. In this situation the 



cise 



lice nsor 



the user. 



The operations parallel 
extended to handle two licensor 
for content 20 1 to content 



serv zr 



602 containing content 201. 
and in this case, encounters twcb 



{Licensed by Aljbh 
{Licensed by Br^vo 



One {Licensed ...} form 
content provider. Plug-in 103 
the related {Licensed ...} form 
information from license datab&se 
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can be extended to support multiple licensor-licensee 
system can support a relationship as shown in FIG. 1 1 . 
be licensed to a content provider to develop and 

, the licensor is the plug-in creator and the licensee 
In turn, the content provider can license the content to 
is the content creator/provider and the licensee is 



[he examples described previously, but are now 
-licensee relationships. Client 100 sends request 601 
200. Content server 200 responds by sending answer 
-in 103 scans content 201 for {Licensed ...} forms, 
license forms, such as 



Plug 



a Company under contract A2 3} 
Company under contract B99} 



Alternatively, multiple license forms may be combined or nested. 



relates to a license between a plug-in provider and a 
contacts 603 plug-in license server 403(a) to validate 
License server 403(a) retrieves the appropriate 
406(a) and send respond 604 to plug-in 103. 
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The other {Licensed ...} form relat 
provider and the end user. Again, plug-in 
server 403(b) to validate the related {Licensed 
retrieves the appropriate information from 
606 to plug-in 103. 



2S to a relationship between the content 
103 sends message 605 to content license 

...} form. License server 403(b) 
license database 406(b) and sends respond 



grace 



Depending upon the responses rec4ived 
accordingly. Each of the two {Licensed 
different validation servers and different 
license interactions to be customized accoijdingly. 
may provide a long cache timeout period 
to the plug-in provider's license server. 



for 



This general scheme is further extended 
present invention so that licensed modules 
separately sourced content and software mjodules 
the form: 



{require <file locator> 



specifies that execution of the module 
access to another module identified by the 
Universal Resource Locator ("URL"), 
dependency, it fetches and imports the 
required and requiring module contain {Li 
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, 103 plug-in operates on the content 
} forms may have different settings, such as 
or cache timeout periods, thus enabling 
For instance, the plug-in provider 
this particular licensee to minimize traffic 



in an additional embodiment of the 
may refer to each other. For instance, 

can refer to each other. In CURL, 



. . } 



containing the {require ...} form depends on 
specified file locator, which is typically, a 
When the plug-in encounters such a 
specified or "required" module. Both the 
{Licensed ...} forms, which may specify the 
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licen^ors, and licensees. In the most general and most 
from different developers. 



cirl 



For example, company 
Curl audio software, B.curl, of 
produce a Curl application A. 
of Curl Corporation; but it is 
a licensee of B. To this end, wi 
third-party software vendors to 
software licenses. 

The form 



may provide which-performance high-performance 
I nterest to other Curl developers, and company A might 
which requires B.curl. Both A and B are licensees 
us(eful to provide additional support for A to become also 
provide the system provides a mechanism for allowing 
utilize aspects of our invention to administer their 



{Licensor <name 
<encoded 



appearing within a file is used 
to licensing, restrictions in 
licensor section is be plain text 
pertinent details) in human 
in encrypted form, a URL or 
indicated license. In the above 



{Licensor B 

<encoded b 
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of licensor> 
data>) } 



binary 



to 



establish that the containing content module is subject 
addition to those involving the plug-in itself. The name of 

and identifies the licensor (and optionally other 
readable form. The encoded binary data includes, perhaps 
other identifier of one or more servers that administer the 



example, the form 



Coroorat 



ion 
Lnary data>} 



would appear within file B.curl to indicate that its use is subject to licensing restrictions 
imposed by B Corporation. 
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The (require ...} form, which indic|ates 
include an optional {Licensed ...} form, prjo 
(require ...} form. The (Licensed ...} claqse 
the (Licensed ...} form already described, 
(require ...} form and indicates that it pertains 
in the required module. 



a dependency on external content, may 
perly nested as a clause within the 
has a structure and function analogous to 
except that it is embedded within a 

to a license from the Licensor declared 



In our example, file A. curl might ir elude the form 



{ require "http: //www.B 
{Licensed by A 

<encoded binafry 

. . . } 



~om/B . curl' 
data>} 



wherein the http: //www.B.com/B.c 
module required by A. curl,, and wherein 
encoded binary data the components previ 
server to validate A's license status. On 
A. curl, the plug-in will first load Bxurl 
forms and validating licenses as required. 
Bxurl as previously described, using data 
(require ...} form together with the server 
within Bxurl. B may provide implicit 
(Licensed ...} clause dynamically as previc 



url is a URL or other reference to a 



licenses 



As part of A's licensing arrangement 
from B which enables A to add the 
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the (Licensed ...} clause contains within its 

ously described as necessary for B's license 
encountering one of the above forms within 
appropriately satisfying all of its (require . . .} 
The plug-in will then validate A's use of 
from the (Licensed by A ...} form in the 
identified in the (Licensed ...} form found 

, using B's server to validate each 
usly described. 



with B, A receives a certification tool 
(Licenced ...} clause to the (require ...} form to 
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modules created by A. This tqol 
certification tool previously described 
top-level {Licensed ...} form 



Using this approach, B 
simply licensing every use of E 
can prevent the unlicenced D. 
using B.curl on a given client, 
modules of functionality such 
obtain. Many modern operating 
systems for mobile code such 
and Safe-TCL (The Safe-Tel 
Sun Microsystems Laboratories 
Inc. USENIX Annual Technical 
Orleans, Louisiana, USA) 
from additional vendors, under 
of the plug-in can extend its 



Other Embodiments 



Many variants of the 
the art. For example, some 
instructions for a real or virtu&l 



or 



further interpretation or trans 
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operates in generally the same fashion as the 

, except that it generates a clause rather than a 



is able to license the use of B.curl to A, rather than 
curl to all of A's clients. As illustrated in FIG. 12, B 
durl from using B.curl even while A curl is gainfully 
B.curl is dependent on the plug-in's ability to segregate 
hat only approved interactions and interdependence 

systems provide support for this, as do typical 
is Java (Sun Microsystems, Inc. Inc., Palo Alto, CA) 
Security Model, Jacob Y. Levy and Laurent Demailly, 
; John K. Ousterhout and Brent B. Welch, Scriptics 
Conference (NO 98), 1998, June 15-19, 1998, New 
Moreover, B.curl can similarly require licensed software 
separately maintained licenses. In effect, the supplier 
licensing, advantages to arbitrary software vendors. 



qescribed embodiment will be apparent to those skilled in 
all of the content may be coded in binary, either as 
machine, or as an intermediate representation requiring 
ation. 
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Various additional data fields may 
to additional features offered by a client pi 
additional user authentication features such 
identification and password information 
licensee's server. 



be included in a {Licensed ...} form relating 
ug-in. For example, a licensor may offer 
as requiring a plug-in to request 
a user, and optionally verify the with the 



from 



In additional embodiments of the 
those instructions needed for interpreting 
additional modules or plug-ins as may be 
the plug-in or {Licensed ...} form will i 
the additional modules or plug-ins. These 
stored on the client to be used as needed, 
release unused modules depending upon 
metric. This provides for a very small plug 
downloaded from a server when required 
form contained therein. Space occupied 
for reuse, thereby enabling the creation of 



The mechanism of this 
and certification that may play useful roles 
invention, for example pursuant to privacy 
invention sharing these additional goals, 
...} forms may advantageously be combine|d 
serving these additional purposes. The 



the 



BNSDOCID: <WO 0054126A1_L> 



PCT/US00/06242 



invention, a plug-in may initially contain only 
tjhe {Licensed ...} form and for loading 
riecessary to process the content. In this case 
iderjtify at least one server capable of providing 
idditional modules are downloaded ^nd 
Optionally, the client may dynamically 
the time of last access or such replacement 
in as all other modules are subsequently 
tjo process content and any {Licensed ...} 
by released modules may then be reclaimed 
client with minimal module storage area. 



invehtion includes elements of authentication 
unrelated to the objects of the present 
or security goals. In applications of the 
coding of information within {Licensed 
with other information and mechanism 
combination of licensing and security 
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mechanism may be optimized 
eliminating redundant informatlion 



The client execution vehicle need not be a browser plug-in as described 
, applet, dynamically linked library (DLL), ActiveX 
of executable code. 



here. It might be an applicatio|n 
control, or any other form 
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ways that will be obvious to those skilled in the art, 
and mechanism from the combined implementation. 
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What is claimed is: 



igital 



1 . A method of licensing digi 
examining the digital content to idejntify 
subject to a license, wherein the data includes 
determining a status of the license; 
processing the digital content subje|ct to the status. 



content, the method comprising: 
data indicating that the content is 
a license-specific portion; 

and 



2. The method of claim 1 whe rein examining the digital content comprises 
searching the digital content for a license statement. 



3. 



The method of claim 1 wherein the data includes a human readable 



portion. 



5. The method of claim 1 wherein 
comprises determining the status of the license 
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4. The method of claim 1 wherein the data includes an encrypted portion. 



in determining a status of the license 
based on the data. 



The method of claim 1 wherein determining a status of the license 
comprises requesting the status of the licerlse from a server. 

The method of claim 6 wherein requesting status from a server further 
comprises sending to the server a portion q>f the data. 
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The method of Iclaim 7 wherein the data includes an encrypted portion 
and sending a portion of the d^ta to the server comprises sending the encrypted 
portion. 



9. 



The method of 



server, wherein determining a 
response from the server and 
responsive to the inspection o 



claim 6 further comprising caching a response from the 
status of the license comprises inspecting the cache for a 
requesting the status of the license from the server 
the cache. 



corre 



finding a cache entry 
determining the validitly 



to the status comprises 
with determining the status. 
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10. The method of] claim 9 wherein inspecting the cache comprises: 

esponding to the data; and 
of the cache entry. 



1 1 . The method off claim 1 0 wherein determining the validity of the cache 
entry comprises determining that the cache entry has not expired. 

12. The method of claim 6 wherein processing the digital content subject to 
the status comprises processing at least a portion of the digital content in parallel with 
determining the status 

13. The method of claim 1 wherein processing the digital content subject 
processing at least a portion of the digital content in parallel 
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digital 



19. A method of licensing 

providing first software thai 
indicative of a license, the data including a 
providing second software 

identifies the data in the digital content; 
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14. The method of claim 1 whdrein the data includes a portion for 
determining whether the digital content has been altered. 

15. The method of claim 1 wherein processing the digital content comprises 
selectively applying first and second processing routines to the data subject to the 
determined status. 

16. The method of claim 1 5 wherein selectively applying first and second 
processing routines to the data comprises applying the first processing routine to the 
data and not applying the second processing routine to the data. 

17. The method of claim 1 whe|rein determining a status of the license 
comprises determining that the license is ftj>r non-commercial use. 

18. The method of claim 17 further comprising indicating to a user that the 
content is licensed for non-commercial use 



content, the method comprising: 
embeds in the digital content data 
license specific portion, and 
that: 
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determines a status of the license indicated by the digital 



processes the digital content responsive to the status. 



20. The method of c 



license comprises searching the 



laim 19 wherein identifying the data indicative of a 
digital content for a license statement. 
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21 . The method of qlaim 19 wherein the data includes a human readable 
portion. 

22. The method of ilaim 19 wherein the data includes an encrypted portion. 

23. The method of £laim 19 wherein determining the status of the license 
comprises determining the statiis of the license based on the data. 

24. The method of plaim 19 wherein determining the status of the license 
comprises requesting the statu£ of the license from a server. 

25. The method of |ckim 24 wherein requesting the status from the server 
further comprises sending a petition of the data to the server. 
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26. The method of claim 25 wherein the data includes an encrypted portion 
and sending the portion of the data to the server comprises sending the encrypted 
portion. 



server, wherein determining a status of the 
response from the server and requesting 
responsive to the inspection of the cache 
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27. The method of claim 24 further comprising caching a response from the 

license comprises inspecting the cache for a 
status of the license from the server 



the ; 



28. The method of claim 27 wherein inspecting the cache comprises: 
finding a cache entry corresponding to the license; and 
determining the validity of the cac^ie entry. 

29. The method of claim 28 wherein determining the validity of the cache 
entry comprises determining that the cach^ entry has not expired. 



30. The method of claim 24 wherein 
to the determined status comprises processing 
in parallel with determining the status. 



processing the digital content subject 
at least a portion of the digital content 



3 1 . The method of claim 19 wherein 
to the determined status comprises processing 
in parallel with determining the status. 



in processing the digital content subject 
ing at least a portion of the digital content 
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32. The method of cjaim 19 wherein the data includes a portion for 
determining whether the digital content has been altered. 

33. the method of c|laim 19 wherein processing the digital content 
comprises selectively applying Ijirst and second processing routines to the data subject 
to the determined status. 



34. The method of 4laim 33 wherein selectively applying first and second 

comprises applying the first processing routine to the 
determined status and not applying the second processing 
the determined status. 



processing routines to the data 
data responsive to the 
routine to the data responsive 



content is for non-commercial 



37. Apparatus for 
a general purpose 
a memory, the memory 
examining the 
is subject to a license, the data 
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35. The method of $laim 19 wherein determining a status of the license 

license is for non-commercial use of the content. 



comprises determining that the 



36. The method of claim 35 further comprising indicating to a user that the 



use. 



licensing digital content, the apparatus comprising: 
computer; and 

including programmed instructions for: 
digital content to identify data indicating that the content 
including a license- specific portion; 
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determining a status of the license; and 
processing the digital content subject to the status. 

38. The apparatus of claim 37 wherein examining the digital content 
comprises searching the digital content for a license statement. 

39. The apparatus of claim 37 wherein the data includes a human readable 
portion and an encrypted portion. 

40. The apparatus of claim 37 wherein determining the status of the license 
comprises determining the status of the license based on the data. 

4 1 . The apparatus of claim 1 wherein determining the status of the license 
comprises sending a portion of the data to a server and requesting the status of the 
license from the server based on the data . 

42. The apparatus of claim 41 wherein the data includes an encrypted 
portion and sending a portion of the data to the server comprises sending the encrypted 
portion. 

43. The apparatus of claim 41 further comprising caching a response from 
the server, wherein determining a status of the license comprises inspecting the cache 
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for a response from the server and requesting the status of the license from the server 
responsive to the inspection of the cache. 

44. The apparatus of claim 43 wherein inspecting the cache comprises: 
finding a cache entry corresponding to the data; and 

determining that the cache entry has not expired. 

45. The apparatus of claim 41 wherein processing the digital content 
subject to the status comprises processing at least a portion of the digital content in 
parallel with determining the status. 

46. The apparatus of claim 37 wherein processing the digital content 
subject to the status comprises processing at least a portion of the digital content in 
parallel with determining the status. 

47. The apparatus of claim 40 wherein the data includes a portion for 
determining whether the digital content has been altered. 

48. The apparatus of claim 37 wherein processing the digital content 
comprises selectively applying first and second processing routines to the data subject 
to the determined status. 
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49. The apparatus of claim 48 wherein selectively applying first and second 
processing routines to the data comprises applying the first processing routine to the 
data and not applying the second processing routine to the data. 

50. The apparatus of claim 37 wherein determining a status of the license 
comprises determining that the license is for non-commercial use and indicating to a 
user that the content is licensed for non-commercial use. 
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